PT-2024-40047 · Ckb · Ckb

Published 2024-02-03 · Updated 2024-02-03

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: CKB (affected versions not specified)

Description: An issue allows an adversary to create a message with a compressed size less than the package limit, but with a very large decompressed length, such as 1G. This can cause a node to consume a significant amount of memory when processing network messages. On systems with less than 1G of memory, the process may be killed directly due to an out-of-memory error.

Recommendations: To resolve the issue, the node must check the decompressed length before allocating memory for the message. As a temporary workaround, consider implementing memory allocation checks to prevent excessive memory usage until a patch is available.
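Added example (not CKB's own code): a toy run-length-encoded frame in Rust demonstrates the check the recommendation describes, rejecting a frame whose header declares more decompressed bytes than a cap before any buffer is allocated. The frame layout, the 4 MiB cap and all names are assumptions made for this illustration, not CKB's wire format.

```rust
// Added example (not CKB's code): a toy run-length-encoded frame shows the check
// the advisory calls for. Layout (constructed, not CKB's wire format):
//   [u32 LE decompressed_len][(u32 LE run_len, u8 value)]*
/// Largest decompressed message a node will materialise (assumed cap: 4 MiB).
pub const MAX_DECOMPRESSED: u64 = 4 * 1024 * 1024;

#[derive(Debug, PartialEq)]
pub enum DecodeError { Truncated, TooLarge(u64), LengthMismatch }

fn read_u32(buf: &[u8], at: usize) -> Result<u32, DecodeError> {
    let b = buf.get(at..at + 4).ok_or(DecodeError::Truncated)?;
    Ok(u32::from_le_bytes([b[0], b[1], b[2], b[3]]))
}

/// Decode a frame, refusing to allocate when the header claims more than the cap.
pub fn decode_bounded(frame: &[u8]) -> Result<Vec<u8>, DecodeError> {
    let declared = read_u32(frame, 0)? as u64;
    // The advisory's fix: validate the declared length *before* any allocation.
    if declared > MAX_DECOMPRESSED {
        return Err(DecodeError::TooLarge(declared));
    }
    let mut out = Vec::with_capacity(declared as usize);
    let mut pos = 4;
    while pos < frame.len() {
        let run = read_u32(frame, pos)? as u64;
        let value = *frame.get(pos + 4).ok_or(DecodeError::Truncated)?;
        // Bound the running total too: the header is attacker-controlled.
        if out.len() as u64 + run > declared {
            return Err(DecodeError::LengthMismatch);
        }
        out.extend(std::iter::repeat(value).take(run as usize));
        pos += 5;
    }
    if out.len() as u64 != declared {
        return Err(DecodeError::LengthMismatch);
    }
    Ok(out)
}

/// Build a frame from (run_len, value) pairs; used to construct inputs.
pub fn encode(runs: &[(u32, u8)]) -> Vec<u8> {
    let total: u64 = runs.iter().map(|(n, _)| *n as u64).sum();
    let mut frame = (total as u32).to_le_bytes().to_vec();
    for (n, v) in runs {
        frame.extend_from_slice(&n.to_le_bytes());
        frame.push(*v);
    }
    frame
}
```

A nine-byte frame declaring 1 GiB of zeros is refused by the header check alone; the running-total check covers headers that understate the payload.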

Related Identifiers

GHSA-3GJH-29FV-8HR6

Affected Products

Ckb